/*     */ package com.zimbra.qa.unittest.prov.soap;
/*     */ 
/*     */ import com.zimbra.common.soap.Element;
/*     */ import com.zimbra.common.soap.SoapFaultException;
/*     */ import com.zimbra.common.soap.SoapProtocol;
/*     */ import com.zimbra.common.soap.SoapTransport;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.Domain;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.soap.JaxbUtil;
/*     */ import com.zimbra.soap.account.message.CreateSignatureRequest;
/*     */ import com.zimbra.soap.account.type.Signature;
/*     */ import java.util.HashMap;
/*     */ import java.util.Map;
/*     */ import org.junit.AfterClass;
/*     */ import org.junit.BeforeClass;
/*     */ import org.junit.Test;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class TestCsrfRequest
/*     */   extends SoapTest
/*     */ {
/*     */   private static SoapProvTestUtil provUtil;
/*     */   private static Provisioning prov;
/*     */   private static Domain domain;
/*     */   
/*     */   @BeforeClass
/*     */   public static void init()
/*     */     throws Exception
/*     */   {
/*  44 */     provUtil = new SoapProvTestUtil();
/*  45 */     prov = provUtil.getProv();
/*  46 */     domain = provUtil.createDomain(baseDomainName());
/*     */   }
/*     */   
/*     */   @AfterClass
/*     */   public static void cleanup() throws Exception {
/*  51 */     Cleanup.deleteAll(new String[] { baseDomainName() });
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void getCreateSigWithAuthAndCsrfDisabled() throws Exception {
/*  56 */     Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
/*  57 */     boolean csrfEnabled = Boolean.FALSE.booleanValue();
/*  58 */     SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE.booleanValue());
/*     */     
/*     */ 
/*  61 */     String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
/*     */     
/*  63 */     Signature sig = new Signature(null, "testSig", sigContent, "text/html");
/*  64 */     CreateSignatureRequest req = new CreateSignatureRequest(sig);
/*  65 */     SoapProtocol proto = SoapProtocol.Soap12;
/*  66 */     Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
/*     */     try
/*     */     {
/*  69 */       Element element = transport.invoke(sigReq, false, false, null);
/*  70 */       String sigt = element.getElement("signature").getAttribute("id");
/*  71 */       org.junit.Assert.assertNotNull(sigt);
/*     */     } catch (SoapFaultException e) {
/*  73 */       e.printStackTrace();
/*  74 */       org.junit.Assert.assertNull(e);
/*     */     }
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void getCreateSigWithAuthAndCsrfEnabledNoCsrfToken()
/*     */     throws Exception
/*     */   {
/*  82 */     Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
/*  83 */     boolean csrfEnabled = Boolean.TRUE.booleanValue();
/*  84 */     SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE.booleanValue());
/*     */     
/*     */ 
/*  87 */     String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
/*     */     
/*  89 */     Signature sig = new Signature(null, "testSig", sigContent, "text/html");
/*  90 */     CreateSignatureRequest req = new CreateSignatureRequest(sig);
/*  91 */     SoapProtocol proto = SoapProtocol.Soap12;
/*  92 */     Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
/*     */     try
/*     */     {
/*  95 */       element = transport.invoke(sigReq, false, false, null);
/*     */     } catch (SoapFaultException e) {
/*     */       Element element;
/*  98 */       org.junit.Assert.assertNotNull(e);
/*  99 */       junit.framework.Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
/*     */     }
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void getCreateSigWithAuthAndCsrfEnabledAndCsrfToken() throws Exception
/*     */   {
/* 106 */     Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
/* 107 */     boolean csrfEnabled = Boolean.TRUE.booleanValue();
/* 108 */     SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE.booleanValue());
/*     */     
/*     */ 
/* 111 */     String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
/*     */     
/* 113 */     Signature sig = new Signature(null, "testSig", sigContent, "text/html");
/* 114 */     CreateSignatureRequest req = new CreateSignatureRequest(sig);
/* 115 */     SoapProtocol proto = SoapProtocol.Soap12;
/* 116 */     Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
/*     */     try
/*     */     {
/* 119 */       Element element = transport.invoke(sigReq, false, false, null);
/* 120 */       String sigt = element.getElement("signature").getAttribute("id");
/* 121 */       org.junit.Assert.assertNotNull(sigt);
/*     */     } catch (SoapFaultException e) {
/* 123 */       org.junit.Assert.assertNull(e);
/*     */     }
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken() throws Exception
/*     */   {
/* 130 */     Map<String, Object> attrs = new HashMap();
/* 131 */     attrs.put("zimbraCsrfTokenCheckEnabled", "TRUE");
/* 132 */     prov.modifyAttrs(prov.getConfig(), attrs, true);
/* 133 */     Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
/* 134 */     boolean csrfEnabled = Boolean.TRUE.booleanValue();
/* 135 */     SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE.booleanValue());
/* 136 */     String temp = transport.getCsrfToken().substring(7);
/* 137 */     transport.setCsrfToken(temp);
/*     */     
/*     */ 
/*     */ 
/* 141 */     String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
/*     */     
/* 143 */     Signature sig = new Signature(null, "testSig", sigContent, "text/html");
/* 144 */     CreateSignatureRequest req = new CreateSignatureRequest(sig);
/* 145 */     SoapProtocol proto = SoapProtocol.Soap12;
/* 146 */     Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
/*     */     try
/*     */     {
/* 149 */       Element element = transport.invoke(sigReq, false, false, null);
/* 150 */       String sigt = element.getElement("signature").getAttribute("id");
/* 151 */       org.junit.Assert.assertNull(sigt);
/*     */     } catch (SoapFaultException e) {
/* 153 */       org.junit.Assert.assertNotNull(e);
/* 154 */       junit.framework.Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
/*     */     }
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled()
/*     */     throws Exception
/*     */   {
/* 162 */     Map<String, Object> attrs = new HashMap();
/* 163 */     attrs.put("zimbraCsrfTokenCheckEnabled", "FALSE");
/* 164 */     prov.modifyAttrs(prov.getConfig(), attrs, true);
/* 165 */     Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
/*     */     
/* 167 */     boolean csrfEnabled = Boolean.TRUE.booleanValue();
/* 168 */     SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE.booleanValue());
/*     */     
/*     */ 
/* 171 */     String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
/*     */     
/* 173 */     Signature sig = new Signature(null, "testSig", sigContent, "text/html");
/* 174 */     CreateSignatureRequest req = new CreateSignatureRequest(sig);
/* 175 */     SoapProtocol proto = SoapProtocol.Soap12;
/* 176 */     Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
/*     */     try
/*     */     {
/* 179 */       Element element = transport.invoke(sigReq, false, false, null);
/* 180 */       String sigt = element.getElement("signature").getAttribute("id");
/* 181 */       org.junit.Assert.assertNotNull(sigt);
/*     */     } catch (SoapFaultException e) {
/* 183 */       e.printStackTrace();
/* 184 */       org.junit.Assert.assertNull(e);
/*     */     }
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/qa/unittest/prov/soap/TestCsrfRequest.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */